package com.inxedu.os.edu.controller.main;

import com.inxedu.os.edu.dao.SysRoleMapper;
import com.inxedu.os.edu.service.main.impl.UserDetailsServiceImpl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;


@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private MyPasswordEncoder myPasswordEncoder;

    @Autowired
    private UserDetailsServiceImpl userDetailsService;
//    @Autowired
//    private AuthenticationDetailsSource authenticationDetailsSource;
//
//    @Autowired
//    private CustomAuthenticationProvider authenticationProvider;
//    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().mvcMatchers("/static/**");
    }

//    @Autowired
//    private ValidateCodeFilter validateCodeFilter;
    @Autowired
    private SysRoleMapper sysRoleMapper;
    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http
                .csrf().disable() //关闭CSRF
                .authorizeRequests()
                .antMatchers( "/admin").permitAll()
                .anyRequest().hasAnyAuthority("ROLE_ADMIN")
                .antMatchers("/admin/user/getuserList",
                        "/admin/user/updateUserPwd",
                        "/admin/user/updateuserstate"
                ).hasAnyAuthority("ROLE_Teacher")
                .antMatchers("/admin/sysfunctioin/showfunctionztree",
                        "/admin/sysfunctioin/addfunction",
                        "/admin/cou/list",
                        "/admin/kpoint/list/",
                        "/admin/kpoint/addkpoint",
                        "/admin/kpoint/updateKpoint",
                        "/admin/cou/updateCourse",
                        "/admin/cou/avaliable/",
                        "/admin/detail/list",
                        "/admin/website/websiteCoursePage",
                        "/admin/article/initcreate",
                        "/admin/article/addarticle/1",
                        "/admin/article/addarticle/2",
                        "/admin/article/showlist",
                        "/admin/article/publishOrDelete/1",
                        "/admin/article/updatearticle/2",
                        "/admin/article/updatearticle/1").hasAnyAuthority("ROLE_ADMINISTRATOR")
                .antMatchers("/admin/kpoint/deletekpoint/",
                        "/admin/cou/updateCourse",
                        "/admin/cou/avaliable/",
                        "/admin/detail/list",
                        "/admin/website/websiteCoursePage",
                        "/admin/article/initcreate",
                        "/admin/article/addarticle/1",
                        "/admin/article/addarticle/2",
                        "/admin/article/showlist",
                        "/admin/article/publishOrDelete/2",
                        "/admin/article/publishOrDelete/1",
                        "/admin/article/updatearticle/2",
                        "/admin/article/updatearticle/1",
                        "/admin/user/getuserList",
                        "/admin/user/updateUserPwd",
                        "/admin/user/updateuserstate",
                        "/admin/user/toBatchOpen",
                        "/admin/website/imagesPage",
                        "/admin/imagetype/getlist",
                        "/admin/teacher/list",
                        "/admin/teacher/update",
                        "/admin/teacher/delete/",
                        "/admin/teacher/toadd",
                        "/admin/websiteProfile/find/web",
                        "/admin/website/navigates",
                        "/admin/websiteProfile/online",
                        "/admin/theme/toupdate",
                        "/admin/questions/toQuestionsTagList",
                        "/admin/questions/list",
                        "/admin/questionscomment/list",
                        "/admin/user/letter/toSendSystemMessages",
                        "/admin/user/letter/toSendSystemMessagesBatch",
                        "/admin/comment/query",
                        "/admin/email/toEmailMsg",
                        "/admin/email/sendEmaillist",
                        "/admin/helpMenu/doadd",
                        "/admin/helpMenu/list",
                        "/admin/mobile/toMsg",
                        "/admin/mobile/sendMsglist",
                        "/admin/ehcache/queryWebsiteEhcacheList",
                        "/admin/statisticsPage/main",
                        "/admin/statisticsPage/registered",
                        "/admin/statisticsPage/videoViewingNum",
                        "/admin/jumpGenerationStatisticsPage",
                        "/admin/statisticsPage/dailyUserNumber",
                        "/admin/statisticsPage/dailyCourseNumber").hasAnyAuthority("ROLE_SALE")
                .and()
                .formLogin()
                .loginPage("/admin")
                .loginProcessingUrl("/admin/main/login")
//                .failureUrl("/admin/error")
                .successForwardUrl("/admin/main/login")
                .failureForwardUrl("/admin/error")
                .usernameParameter("sysUser.loginName")
                .passwordParameter("sysUser.loginPwd")
                .and()
                .logout()
                .logoutUrl("/admin/outlogin")
                .logoutSuccessUrl("/admin");
                http.headers().frameOptions().disable();
    }
//    private String toForeach(List <?> list){
//
//        return "";
//    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
//        auth.authenticationProvider(authenticationProvider);
        auth.userDetailsService(userDetailsService).passwordEncoder(myPasswordEncoder);

    }
}
